Advisories:rPSA-2010-0036

From rPath Wiki

rPath Security Advisory 2010-0036-1

Published: 2010-05-07

Products

• rPath Appliance Platform Linux Service 1
• rPath Appliance Platform Linux Service 2
• rPath Linux 1
• rPath Linux 2

Rating

Severe

Exposure Level Classification

Remote User Deterministic Information Exposure

Updated Versions

• openssl=conary.rpath.com@rpl:1/0.9.7f-10.18-1
• openssl=conary.rpath.com@rpl:2/0.9.8g-7.5-1
• openssl-scripts=conary.rpath.com@rpl:1/0.9.7f-10.13-1
• openssl-scripts=conary.rpath.com@rpl:2/0.9.8g-7.5-1

rPath Issue Tracking System

• RPL-3189
• RPL-3191

References

• CVE-2009-3245
• CVE-2009-3555
• CVE-2010-0433
• http://www.ietf.org/rfc/rfc5746.txt

Description

Openssl has been patched to address multiple vulnerabilities;

see the listed CVEs for details. Most importantly, this update

adds support for the TLS Renegotiation Indication Extension as

specified in RFC-5746, to address man-in-the-middle attack

weaknesses in the TLS protocol.

Copyright 2010 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html